Commits:
-
aba1e5a0
by Pier Angelo Vendrame at 2024-04-08T12:52:20+02:00
fixup! Firefox preference overrides.
Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a
defense-in-depth.
We will have to revert this during the ESR-transition.
-
81838b89
by Pier Angelo Vendrame at 2024-04-08T12:52:22+02:00
Bug 42428: Make RFP spoof the timezone of document.lastModified.
-
1b1e94cd
by Pier Angelo Vendrame at 2024-04-08T12:52:22+02:00
Bug 42472: Spoof timezone in XSLT.
3 changed files:
Changes:
browser/app/profile/001-base-profile.js
| ... |
... |
@@ -396,6 +396,9 @@ pref("browser.display.use_system_colors", false); |
|
396
|
396
|
// Enforce non-native widget theme (true by default, defense in depth).
|
|
397
|
397
|
// Provides a uniform look and feel across platforms. Added with tor-browser#41496.
|
|
398
|
398
|
pref("widget.non-native-theme.enabled", true);
|
|
|
399
|
+// tor-browser#41676: Set the TZ environment variable as a defense-in-depth.
|
|
|
400
|
+// TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582.
|
|
|
401
|
+pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
|
|
399
|
402
|
|
|
400
|
403
|
// tor-browser#41943: lock and revisit after it gets flipped to true in stable Firefox
|
|
401
|
404
|
pref("_javascript_.options.spectre.disable_for_isolated_content", false, locked);
|
dom/base/Document.cpp
| ... |
... |
@@ -4103,10 +4103,11 @@ void Document::SetDocumentURI(nsIURI* aURI) { |
|
4103
|
4103
|
}
|
|
4104
|
4104
|
}
|
|
4105
|
4105
|
|
|
4106
|
|
-static void GetFormattedTimeString(PRTime aTime,
|
|
|
4106
|
+static void GetFormattedTimeString(PRTime aTime, bool aUniversal,
|
|
4107
|
4107
|
nsAString& aFormattedTimeString) {
|
|
4108
|
4108
|
PRExplodedTime prtime;
|
|
4109
|
|
- PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime);
|
|
|
4109
|
+ PR_ExplodeTime(aTime, aUniversal ? PR_GMTParameters : PR_LocalTimeParameters,
|
|
|
4110
|
+ &prtime);
|
|
4110
|
4111
|
// "MM/DD/YYYY hh:mm:ss"
|
|
4111
|
4112
|
char formatedTime[24];
|
|
4112
|
4113
|
if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d",
|
| ... |
... |
@@ -4124,7 +4125,9 @@ void Document::GetLastModified(nsAString& aLastModified) const { |
|
4124
|
4125
|
if (!mLastModified.IsEmpty()) {
|
|
4125
|
4126
|
aLastModified.Assign(mLastModified);
|
|
4126
|
4127
|
} else {
|
|
4127
|
|
- GetFormattedTimeString(PR_Now(), aLastModified);
|
|
|
4128
|
+ GetFormattedTimeString(PR_Now(),
|
|
|
4129
|
+ ShouldResistFingerprinting(RFPTarget::Unknown),
|
|
|
4130
|
+ aLastModified);
|
|
4128
|
4131
|
}
|
|
4129
|
4132
|
}
|
|
4130
|
4133
|
|
| ... |
... |
@@ -11053,7 +11056,8 @@ void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) { |
|
11053
|
11056
|
|
|
11054
|
11057
|
mLastModified.Truncate();
|
|
11055
|
11058
|
if (modDate != 0) {
|
|
11056
|
|
- GetFormattedTimeString(modDate, mLastModified);
|
|
|
11059
|
+ GetFormattedTimeString(
|
|
|
11060
|
+ modDate, ShouldResistFingerprinting(RFPTarget::Unknown), mLastModified);
|
|
11057
|
11061
|
}
|
|
11058
|
11062
|
}
|
|
11059
|
11063
|
|
dom/xslt/xslt/txEXSLTFunctions.cpp
| ... |
... |
@@ -591,7 +591,14 @@ nsresult txEXSLTFunctionCall::evaluate(txIEvalContext* aContext, |
|
591
|
591
|
// http://exslt.org/date/functions/date-time/
|
|
592
|
592
|
|
|
593
|
593
|
PRExplodedTime prtime;
|
|
594
|
|
- PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
|
|
|
594
|
+ PR_ExplodeTime(
|
|
|
595
|
+ PR_Now(),
|
|
|
596
|
+ // We are not allowed to access the Document when evaluating this, so
|
|
|
597
|
+ // fall back to the general function.
|
|
|
598
|
+ nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown)
|
|
|
599
|
+ ? PR_GMTParameters
|
|
|
600
|
+ : PR_LocalTimeParameters,
|
|
|
601
|
+ &prtime);
|
|
595
|
602
|
|
|
596
|
603
|
int32_t offset =
|
|
597
|
604
|
(prtime.tm_params.tp_gmt_offset + prtime.tm_params.tp_dst_offset) /
|
|